Why Privacy Policies are Hard to Read

I’ve been thinking a lot about privacy policies lately—mostly due to client work—but also because I just listened to a great podcast episode about them from Mozilla’s IRL Podcast:

The episode dives into what exactly a privacy policy even is, why they are mostly terrible, what to watch out for most, and how to make sense of them. I’m not going to rehash all that. Just listen to it.

One quick point toward the end of the episode made me think of a principle I’ve often noticed in my project: The best user interfaces, navigation structures, and designs clearly communicate what an organization does. Thought about that way, dense, vague, and hidden privacy policies may often suggest that a company does not want you to know what it does.

When a Site Owner Doesn’t Like Category Counts

Here’s a simple example to show what I mean.

When building a faceted navigation system or even a list of blog categories that allows a visitor to narrow results by checking boxes or clicking a link, it’s not uncommon to include the count of how many items are in each category. For example, you might see this in the sidebar of a clothing shopping site:

▢ Pants (54)

▢ Shorts (33)

▢ Dress Shirts (20)

▢ T-Shirts (97)

▢ Swimsuits (3)

Those counts after each checkbox (the checkboxes are fake) are darn helpful! They tell you what to expect after each click, and also tell you something about the store itself. In this case, for instance, we can see that they have swimsuits, but not that many.

On more than one occasion, I’ve had people ask me to remove those counts because they didn’t like the numbers! Those numbers simply reflect the contents of the site. You may not like what the numbers say, but hiding the numbers is little more than blaming the messenger.

Serving Users Best

Just like in my example, many companies are explicitly motivated to NOT create an interface that best serves users and clearly explains how they collect and use your data.

Right now, we’ve made a terrible trade with these companies: For the short-term gain of a free service, they are more than happy to build an interface that makes it easy to accept a privacy policy and terrible to actually read it. Out of sight. Out of mind.

Instead, imagine a beautiful tutorial style walkthrough explaining how an app or website exposes your data and uses it, followed by a question like “Will you accept our use of your data in return for this free service?” I bet many people would still say yes, and it would actually be an informed consent that seems much more legally and morally sound. But many would also say no which would mean less money for that company.

A clear interface works because it exposes the structure and content of a website or program to the user in a way they can comprehend and operate. So when someone doesn’t like what a good interface says about their product, beware.

And since I’m discussing privacy policies, it seems only fair to link to mine. I have no doubt it could be better, but I think it’s at least pretty OK!